Lucene search

10 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux – Vulnerability in pillow

An issue was discovered in Pillow before version 8.2.0. For BLP data, BlpImagePlugin did not properly check the returned data after jumping to file offsets. This could lead to a denial-of-service attack, where the decoder could be executed multiple times with empty data...

CVSS 5.5 · AI score 5.9 · EPSS 0.00735
Exploits 0 · References 1
OSV
added 2024/11/15 12:19 p.m. · 3 views

OESA-2024-2383 rubygem-actionmailer security update

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fixes: Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5,...

CVSS 8.7 · AI score 6.8 · EPSS 0.00944
Exploits 0 · References 2
SUSE CVE
added 2024/10/17 2:48 a.m. · 2 views

SUSE CVE-2024-47889

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to...

CVSS 5.9 · AI score 6.8 · EPSS 0.00944
Exploits 0 · References 8
OSV
added 2024/10/16 9:15 p.m. · 3 views

DEBIAN-CVE-2024-47889

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to...

CVSS 8.7 · AI score 5.3 · EPSS 0.00944
Exploits 0 · References 1
OSV
added 2024/10/16 9:15 p.m. · 0 views

UBUNTU-CVE-2024-47889

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to...

CVSS 8.7 · AI score 6.4 · EPSS 0.00944
Exploits 0 · References 8
Positive Technologies
added 2024/10/15 12:00 a.m. · 6 views

PT-2024-7931

Name of the Vulnerable Software and Affected Versions: Action Mailer versions 3.0.0 through 6.1.7.8; Action Mailer versions 7.0.0 through 7.0.8.4; Action Mailer versions 7.1.0 through 7.1.4.0; Action Mailer versions 7.2.0 through 7.2.1.0. Description: The issue is related to the block format helper in...

CVSS 9.8 · AI score 6.2 · EPSS 0.0246
Exploits 5 · References 86
NVD
added 2022/12/08 10:15 p.m. · 9 views

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVSS 7.5 · EPSS 0.01254
Exploits 0 · References 9
Fedora
added 2022/07/30 2:00 a.m. · 24 views

[SECURITY] Fedora 36 Update: golang-github-pierrec-lz4-4.1.3-6.fc36

Package lz4 implements reading and writing lz4 compressed data (a frame), as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format although the block level compression and decompression functions are exposed an...

AI score 7.2
Exploits 0
Positive Technologies
added 2021/03/03 12:00 a.m. · 2 views

PT-2021-17670 · Pillow +9

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.1.1 Description: The issue allows attackers to cause a denial of service due to memory consumption. This occurs because the reported size of a contained image is not properly checked for a BLP container, leading to...

CVSS 9.8 · AI score 7.2 · EPSS 0.44303
Exploits 3 · References 223
Tenable Nessus
added 2008/05/16 12:00 a.m. · 35 views

RHEL 5 : xen (RHSA-2008:0194)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0194 advisory. - xen xenmon.py / xenbaked insecure temporary file access (CVE-2007-3919) - QEMU Buffer overflow via crafted net socket listen option...

CVSS 7.2 · AI score 8.2 · EPSS 0.00607
Exploits 2 · References 15